Manualshelf

R0106-HP MSR Router Series Layer 3 - IP Routing Configuration Guide(V7)

ManualsBrandsHP ManualsNetwork HardwareHP MSR3024 TAA-compliant AC Router
271272273274275276277278279280
266
Configuring IPsec for IPv6 BGP
Perform this task to configure IPsec for IPv6 BGP. IPsec can provide privacy, integrity, and authentication
for IPv6 BGP packets exchanged between BGP peers.
When two IPv6 BGP peers are configured with IPsec (for example, Device A and Device B), Device A
encapsulates an IPv6 BGP packet with IPsec before sending it to Device B. If Device B successfully
receives and de-encapsulates the packet, it establishes an IPv6 BGP peer relationship with Device A and
learns IPv6 BGP routes from Device A. If Device B receives but fails to de-encapsulate the packet, or
receives a packet not protected by IPsec, it discards the packet.
To configure IPsec for IPv6 BGP packets (IPv6 unicast/multicast address family):
Step Command Remarks
1. Enter system view.
system-view N/A
2. Configure an IPsec transform
set and a manual IPsec profile.
See Security Configuration Guide.
By default, no IPsec transform set or
manual IPsec profile exists.
3. Enter BGP view or BGP-VPN
instance view.
Enter BGP view:
bgp as-number
Enter BGP-VPN instance view:
a. bgp as-number
b. ip vpn-instance
vpn-instance-name
Use either method.
4. Apply the IPsec profile to an
IPv6 BGP peer or peer group.
peer { group-name |
ipv6-address } ipsec-profile
profile-name
By default, no IPsec profile is
configured for any IPv6 BGP peer
or peer group.
This command supports only IPsec
profiles in manual mode.
Disabling BGP to establish a session to a peer or peer group
This task enables you to temporarily tear down the BGP session to a specific peer or peer group. Then
you can perform network upgrade and maintenance without needing to delete and reconfigure the peer
or peer group. To recover the session, execute the undo peer ignore command.
To disable BGP to establish a session to a peer or peer group (IPv4 unicast/multicast address family):
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter BGP view or BGP-VPN
instance view.
Enter BGP view:
bgp as-number
Enter BGP-VPN instance view:
a. bgp as-number
b. ip vpn-instance
vpn-instance-name
N/A
3. Disable BGP to establish a
session to a peer or peer
group.
peer { group-name | ip-address }
ignore
By default, BGP can establish a
session to a peer or peer group.